Designing a Physical Unclonable Function for Cryptographic Hardware

Hardware Security Modules (HSMs) are embedded systems that provide a physically secure data storage and handling environment. This master thesis evaluates an HSM method incorporating cryptographic key generation, key management, and tamper protection. The HSM concept involves a sensing mesh structured Physical Unclonable Function (PUF), where the cryptographic key is derived from the sum of cross-sectional area capacitance between conductors on adjacent layers of a flex PCB forming a grid. This sensing mesh PUF that stores a digital fingerprint in its microstructure is used to enclose an internal system extracting and managing the keys. This ensures that accessing the internal structure is unmanageable without modifying the enclosure. Since the cryptographic key is derived from the intrinsic properties within the sensing mesh, modifying it will change its intrinsic properties and change the cryptographic key and make it unusable. The Master thesis contains PCB design and development of a prototype of the PUF system and an associated capacitance measurement system, which can handle and extract unique keys from each copy of the PUFs. A hardware assembling, experimenting, and evaluation procedure were performed regarding the robustness of the PUF and its susceptibility to environmental impacts such as temperature changes, invasive attacks, and agitation. Additionally, an performance evaluation is made by estimating a set of quality factors often associated with PUFs, such as uniqueness, reliability, uniformity, and bit-aliasing on the extracted cryptographic keys. The cryptographic keys provide good reliability in stable conditions for each PUF copy of the population. The cryptographic keys also provide gooduniqueness, uniformity, and bit-aliasing estimations with the quality factors. Moreover, an invasive attack experiment indicates that the PUF enclosure prototype provides tamper detection possibilities together with distinct structure modifications when an intrusion attempt is performed. As stated in theory, ...